In June of 2021, we attended the IT Nation Secure conference in Orlando. This was our first time attending this conference and our first in-person conference since the world shut down in 2020. This conference covered quite a bit of ground, from cybersecurity practices to MSP (managed service provider) trends. While there was so much covered (more than can fit into any article!), we’ve narrowed down what we’ve learned to our five biggest takeaways for you.
Ransomware and phishing continues to grow
We’ve heard for years that ransomware and phishing are becoming more common, but nothing accelerated their prevalence like the Covid-19 pandemic. Not only are they becoming more common, but they have made their way into the mainstream news cycle, with attacks like SolarWinds and Kaseya being covered extensively. In the past, ransomware hackers would take your data, encrypt it, and try to sell it back to you. Now, they’re bypassing you entirely and selling your data to third parties.
To combat this rise in attacks, new tools are being developed to assist with cybersecurity training. These tools assess a user’s ability to detect phishing emails and gauge how likely they are to recognize suspicious websites. This is great news for MSPs as we continue to make cybersecurity a collaborative process, involving our clients every step of the way.
The Covid-19 impact
As businesses begin to return to in-person work and life returns to normal (how many times have we heard that over the past year?), we’re starting to see the total impact the pandemic has had on the IT industry and how it has shifted priorities for MSPs. One specific example is disaster recovery. This was an important area for every business to have stringent continuity plans in place in natural disasters or widespread data loss. As Covid has brought on a revolution for work-from-anywhere, it has decentralized businesses. When disaster strikes, it’s more often a one-off situation with individual devices rather than an organization-wide problem.
While workers certainly aren’t complaining about the flexibility work-from-anywhere gives them, it has certainly shifted the way MSPs approach security. IT providers can’t go to every person’s home and configure their home Wi-Fi to be secure (and public Wi-Fi opens even more doors). Given this, there have been considerable developments in tools that combat this to make workstations more secure regardless of where the person is working. At Tech Superpowers, two of the most important tools we utilize in this area are ThreatLocker and Cisco Umbrella. These tools give us flexible, cloud-based security that significantly bolsters our clients’ devices.
The rise of MSPs for cyberdefense
One of the biggest takeaways we took from this conference was the growth of MSPs. Tech Superpowers has grown quite a bit in the past few years, and we’re certainly not alone. As cybersecurity and cyberattacks are becoming more and more mainstream, most businesses are asking themselves, “Is my organization secure and protected?” Cybersecurity audits are becoming more prevalent, helping companies gauge how well their defenses stack up against the rest of the industry.
While more business is never a bad thing, the rise of MSPs has also led to some unintended consequences. In the past, hackers would target individuals and small businesses, the most vulnerable among us. Now, they are setting their sites on much bigger fish, the MSPs themselves. While not usually as vulnerable, a successful attack on an MSP yields far greater rewards, access to all of their clients at once.
Over the past year, several high-profile cyberattacks have made their way into mainstream media. Namely, the SolarWinds hack that spread as far as the upper echelons of the US Government, including the Department of Homeland Security and the Treasury Department. This has led to widespread speculation that regulations may be coming soon to MSPs.
In January 2020, the Department of Defense released its first version of the CMMC (cybersecurity maturity model certification) to bolster compliance with mandatory practices through third-party assessments. While this is a big step towards the regulation of MSPs, the US government has yet to make CMMC a requirement. We expect this to change within the next year (depending on the speed of congressional approval), possibly even sooner if another widescale attack occurs similar to SolarWinds.
Finally, one of the things in IT that continues to evolve is the MSP relationship with the client. IT professionals are client-facing and approachable, a stark contrast to the stereotypical IT guy hiding in a server closet. Clients are involved in policy discussions and are taught cybersecurity practices right along with the IT pros. In the past, when an MSP would set a policy, it would be tough to get clients to follow this without more information. By involving them in the process, and teaching them the relevance of the procedure and why it’s necessary, everyone buys in, and the whole organization benefits.
Do you have any questions or concerns about any of our takeaways? Have you realized that your organization needs an MSP you can trust and grow with? Contact us to learn more!